The CyberWire Daily Briefing 10.06.15
Minor cyber-rioting in Palestine and Israel defaces Radio Tel Aviv.
Elsewhere in the region observers see ISIS recruit through appeals to a misguided longing for transcendence, and (more darkly) through the Internet's characteristic theatrical disinhibition.
Cybereason reports an APT active and successful against Microsoft Outlook Web Application (OWA) — a malicious DLL file was found on the OWA server. At least 11,000 credentials were exposed.
7 Elements says it's found a remote access zero-day in VMware vCentre.
Threat actors Palo Alto traces to China have been able to exploit Apple's enterprise app distribution model and private APIs to evade Apple Store checks and implant malware in iOS devices.
Observers see the Scottrade hack as an object lesson in prompt detection and response. The Experian breach is taken to demonstrate that encryption is "not a panacea."
Reported cyber vulnerabilities in the nuclear power industry worry many, but the vulnerabilities are as familiar as they are endemic: obvious passwords, poor patching, operators' tendency to regard security as so much friction, etc.
Android 6.0 is out and being reviewed.
Until it gets actuarial data (or some reasonable surrogate) the cyber insurance sector seems stalled.
US Cyber Command issues a $460 million RFP (with funding for "digital munitions"). US DHS again delays its own cyber RFP.
Litigation, regulation, and cyber arms control continue to inhibit research.
The European Court of Justice voids the transatlantic Safe Harbor agreement, thereby exposing US firms to privacy lawsuits. The US objects to the ruling's misunderstanding of the PRISM program.
Notes.
Today's issue includes events affecting Australia, Austria, China, European Union, Germany, India, Iraq, Israel, Republic of Korea, Palestine, Singapore, Syria, United Kingdom, and United States.
Cyber Attacks, Threats, and Vulnerabilities
Pro-Palestinian Hackers Took over Radio Tel Aviv Website (HackRead) A group of pro-Palestinian hackers took over the official website of Radio Tel Aviv (TLV) on Sunday and left a deface page on the homepage showing anti-Israeli messages
'Till martyrdom do us part' (Washington Post) Somewhere in Syrian territory controlled by Islamic State militants, a jihadist from the Netherlands posted a cheerful photo on Twitter, showing off an Oreo cheesecake that she had made
ISIL? Torture porn? Dashcam crashes? Failblog? We are what we internet (Quartz) In late August, an unknown, shadowy group reportedly kidnapped seven fighters of the Islamic State of Iraq and the Levant (ISIL)
Hackers Breach Microsoft OWA Server, Steal 11,000 User Passwords (Softpedia) A malicious DLL was able to read & log passwords in clear text
Researchers find credential-stealing webmail server APT attack (ComputerWeekly) Security researchers have discovered a new and unique advanced persistent threat (APT) technique that involves a malicious module loaded onto a webmail server
Wily Attack on Microsoft Outlook Is Especially Worrying Because Everyone Uses Outlook (Slate) Microsoft's Outlook email service isn't exactly, how do I put this, a favorite
Zero day vulnerability found in VMware product (SC Magazine) A team of experts at 7 Elements has discovered a recent VMware vCentre vulnerability that could result in unauthorised remote access
Chinese hackers put iOS in the crosshairs with novel attack angles (CSO) Exploits use Apple's enterprise app distribution model and 'private APIs' to seed adware on iPhones, sidestepping App Store inspections
How easily the world's governments can hack your smartphone, according to Edward Snowden (Quartz) Sending just one text, Edward Snowden claims, enables the UK and the US to furtively take over someone's smartphone
From the Grave: Adobe Exploit Rises Again (IBM Security Intelligence) Halloween is just around the corner, and companies are doing everything they can to make sure the rest of 2015 is all treat and no trick. But for Adobe and its popular Flash Player, security flaws just won't stay in the ground
I am HDRoot! Part 1 (SecureList) Some time ago while tracking Winnti group activity we came across an intriguing sample
Millions affected by Scottrade brokerage breach that dates back two years (Help Net Security) Missouri-based retail brokerage firm Scottrade suffered a breach nearly two years ago, but they are only notifying their customers about it now, because they only found out about it now
Experian T-Mobile hack shows encryption no 'panacea' for security, warns Tor co-founder (Computing) The theft of 15 million sets of T-Mobile customer data following a breach at credit agency Experian demonstrates that encrypting data isn't a "panacea" for keeping information secure from hackers, David Goldschlag, co-creator of the Tor secure browser, has warned
Experian Breach: Lessons Learned (BankInfo Security) What can T-Mobile do to help protect breach victims?
What You Need to Know About Android's Stagefright Vulnerability (Cheatsheet) One of the scariest of all Android vulnerabilities made headlines this summer when it came to light that Android phones could be hacked with a simple text
Trump Hotel Collection Confirms Card Breach (KrebsOnSecurity) The Trump Hotel Collection, a string of luxury hotel properties tied to business magnate and Republican presidential candidate Donald Trump, said last week that a year-long breach of its credit card system may have resulted in the theft of cards used at the hotels
America's nuclear power plants use passwords like '1234' (The Week) The only thing preventing a possible nuclear reactor meltdown could be the password "1234," according to a new global study of power plant security systems
Nuclear Plants' Cybersecurity Is Bad — And Hard To Fix (Dark Reading) Report: 'Very few' nuclear plants worldwide patch software, and operations engineers 'dislike' security pros
A tour of the Dark Web: home of the cyber-criminal (Healthcare IT News) Every information security professional who touches healthcare data needs to become intimately familiar with [the Dark Web]
Bulletin (SB15-278) Vulnerability Summary for the Week of September 28, 2015 (US-CERT) The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week
Security Patches, Mitigations, and Software Updates
Google patches second round of Stagefright flaws in Android (IDG via CSO) More flaws have been found in how Android processes metadata in certain files
Android 6.0 Changes (Android Developers) Along with new features and capabilities, Android 6.0 (API level 23) includes a variety of system changes and API behavior changes
Android 6.0 Marshmallow, thoroughly reviewed (Ars Technica) Marshmallow brings a lot of user-requested features but still has no update solution
Top 5 Android Marshmallow enterprise security benefits (Help Net Security) Google's new Android Marshmallow operating system offers important new security and ease-of-use features that improve its functionality for both enterprise and individual consumers
Cyber Trends
DHS pushes on towards cyber risk management, insurance (FedScoop) DHS official Tom Finan says the private sector is warming to cyber insurance, but insurers still need better data to price policies
Average business spends $15 million battling cybercrime (CSO) The average U.S. company of 1,000 employees or more spends $15 million a year battling cybercrime, up 20 percent compared to last year
5 Signs Security's Finally Being Taken Seriously (Dark Reading) It's taken years, but infosec may have finally won a seat at the table, as executive leadership reports more mature attitudes and practices
Sophos: Why We Lack the 'Tools' To Secure The Internet Of Things (CRN) When asked whether anyone has the tools necessary to protect the burgeoning world of the Internet of Things, Sophos head of security research James Lyne said the "sheer pace of change" has prevented that from being possible
Don't Be Fooled: In Cybersecurity Big Data Is Not The Goal (Dark Reading) In other words, the skills to be a security expert do not translate to being able to understand and extract meaning from security data
More data breaches caused by lost devices than malware or hacking, Trend Micro says (Network World) Trend Micro's new cybersecurity report says most breaches are actually caused by device loss, rather than malware or hacking
DDoS Attacks Jump by a Third in Q2 (Infosecurity Magazine) The volume of distributed denial of service (DDoS) attacks in Q2 increased by almost a third (32%) on the previous quarter, according to the latest stats from security vendor Corero Network Security
Prevention is the best cure for identity theft (Help Net Security) In 2014, 85 percent of people took steps to prevent identity theft, according to ARAG, a provider of legal insurance
South Korea: Medical data delivers yet another identity crisis (Naked Security) Personal data breaches have become a plague worldwide, but have been an especially massive problem in South Korea
Marketplace
$460M CYBERCOM Contract Will Create Digital Munitions (Defense One) Meanwhile, the military's digital command hopes to recruit 6,200 operatives to thwart hacks against the US, aid troops overseas, and protect dot-mil
Long-delayed DHS cyber contract gets delayed again (Federal Times) The Department of Homeland Security is building a contract vehicle for administrative and operational support for its cyber missions — namely the National Protection and Programs Directorate (NPPD) and the Office of Cybersecurity and Communications (CS&C). But the deadline for submitting proposals continues to get bumped
Raytheon broadens cyber capabilities with acquisition of Foreground Security (PRNewswire) Raytheon Company (NYSE: RTN) announced it has acquired Herndon, Virginia-based Foreground Security, a leading provider of security operations centers (SOCs), managed security service solutions and cybersecurity professional services
CSC to acquire UXC for $428m (ComputerWorld) Services giant to acquire Australia's largest publicly-owned technology provider
Code42 Snares Huge $85M Series B Investment (TechCrunch) Code42, the Minneapolis-based developers of the Crashplan enterprise backup tool, announced a massive $85 million round today
Symantec, Veritas March Toward Split With Operational Separation Complete (CRN) Symantec and Veritas have taken the next big step toward their separation, Monday officially completing the operational split into two separate companies focused on security and storage, respectively
Symantec rolls out enhanced Secure One partner programme (MicroScope) A partner programme that makes it easier to get rebates and become a top tier partner has been rolled out globally by Symantec
Capgemini and Fortinet sign pact to deliver cybersecurity services to the Enterprise Market (Economic Times) Capgemini, a consulting, technology and outsourcing services announced an alliance with Fortinet, a leader in high performance cybersecurity solutions
Securonix Joins the Intelligence and National Security Alliance (Yahoo! Finance) Securonix today announced that it is proud to join The Intelligence and National Security Alliance (INSA), an unprecedented coalition among senior leaders from the public, private and academic sectors working toward innovative solutions to the national security issues facing the United States
UK plans cyber security mission to Mumbai, Delhi (Economic Times) The UK government will send its first-ever cyber security trade mission to India next week in the lead up to Prime Minister Narendra Modi's visit to the country next month
New Strategies to Address Security Skills Gap (InfoRisk Today) Experts say collaboration will help meet future needs
10 Security Certifications To Boost Your Career (Dark Reading) Earning a security credential can help you open the door to a great job. But you need to know which certification is the right one for you
Wynyard Group Announces Appointment of Senior Vice President Product (BusinessWire) Mr Chris Stauber joins Wynyard executive team
Threat Intelligence Expands with Appointment of Sagi Shahar (Scoop) Threat Intelligence expands with appointment of Sagi Shahar as Senior Security Consultant
Products, Services, and Solutions
Quick Heal Launches New Version Of Seqrite Mobile Device Management With Advanced Call, SMS And Network Monitoring Features (Business Solutions) Network security provider further simplifies mobile-based threat management with true SaaS-based approach to safeguarding company networks
New Product Feature Announced at CARTES 2015 (Keypasco) Keypasco are happy to announce a new product feature at the CARTES Exhibition in November 2015. This new feature is a natural extension of the secure authentication and secure mobility solution offering secure signatures in a PKI solution
Dell SecureWorks Launches Emergency Cyber Incident Response for Clients Deploying on Amazon Web Services (BusinessWire) Dell SecureWorks, consistently recognized by industry analysts as a leading provider for cybersecurity services, today announced a new on-demand Emergency Cyber Incident Response (ECIR) capability for clients deploying assets on Amazon Web Services (AWS)
vArmour Delivers Workload Security, Control and Visibility on Amazon Web Services (MarketWired via EIN News) vArmour provides application-layer security controls for AWS environments, including for Booz Allen Hamilton clients
HP announces world's most secure printers (Manila Bulletin) New HP LaserJets come with built-in self-healing security features with protection down to the BIOS
Tenable Network Security Expands International Cloud Services, Brings Nessus Cloud to AWS Region in Germany (BusinessWire) Tenable simplifies regulatory compliance and improves performance of vulnerability assessments for European customers with Nessus Cloud now hosted on Amazon Web Services Frankfurt region
AT&T And IBM Team Up For Mobile Cloud Security (MarketWatch) Security and simple access to cloud apps combined
FireLayers and Check Point Join Forces to Extend Security to Enterprise Cloud Applications (Nasdaq) In today's ever-connected world, employees are using their devices for personal and business activities, and hackers are targeting these employees using enterprise cloud applications to distribute sophisticated malware
iDefense IntelGraph: A next-generation threat intelligence platform to provide context around threats (CTOvision) Verisign's iDefense Security Intelligence Services is widely known in the enterprise technology community for providing actionable intelligence on cyber threats
Lieberman Software Privileged Identity Management Solution Achieves Scalability Milestone With Over 1 Million Managed Endpoints at a Single Deployment (Digital Journal) Lieberman Software Corporation's adaptive privileged identity management platform, Enterprise Random Password Manager™ (ERPM), achieved a major milestone recently by passing a million managed endpoints in a single customer deployment
SBA Empowers Small Businesses to Be Cyber Safe (PRNewswire) Launches online resources to help entrepreneurs identify risk and guard against cyberthreats
Singtel to help strengthen cyber security in Singapore (Malaysian Insider) Singapore Telecommunications Ltd said it plans to work with the Cyber Security Agency of Singapore to strengthen the country's cyber security capabilities, as the wealthy city-state grapples with a rise in online crime
Facing a strong backlash, person-rating app Peeple seemingly vanishes (Ars Technica) Founder writes on LinkedIn: "We want to bring positivity and kindness to the world"
Technologies, Techniques, and Standards
How (and why) to start a bug bounty program (ITWorld) Bug bounty programs are a cost-efficient way to fortify your systems. Here's how GitHub launched theirs, plus tips to get started
Data Breach Responses Must Begin Before Detection (Legaltech News) The days following a data breach are critical to investigation and notification, but absent a fully realized plan, those hours can be wasted
Planning in an attack-ridden landscape: Continuity planning (SC Magazine) With apologies to English songwriters Anthony Newley and Leslie Bricusse, it's a new dawn, a new breach
3 Waves of Threat Intelligence (InfoRisk Today) Gartner's Lawson on how to enable TI tactically in the enterprise
The importance of soft skills development for security professionals (TechTarget) While technical skills are obviously important for security pros, the importance of soft skills shouldn't be overlooked. Here are the top four worth mastering
Cyber Security Awareness Month… Through Proverbs (Internet Storm Center) Johannes introduced yesterday the Cyber Security Awareness month. As security professionals, our job is to take care of our systems and networks but also our users! Instead of giving repetitive technical tips ("do & don't"), why not try an alternative way to push messages to them via proverbs?
Research and Development
Kaspersky: Smartphones rot your brain and kill your memories (International Business Times) An over-reliance on mobile devices and the internet has led to us using our brains far less than our ancestors, which greatly impacts our ability to create and store long-term memories, psychology experts and a security firm are warning
Legislation, Policy, and Regulation
Opinion: The troubling rise of Internet borders (Christian Science Monitor Passcode) If countries erect more borders and limits in the digital domain, the engine of global social and economic change that's powered by the Internet will quickly stall
The rise of the zero-day market (Ars Technica) Just as defenders find their feet, lawmakers move to outlaw security research entirely
Cyber Legislation Coming Soon to the Senate Floor (National Law Review) It appears that the Senate may celebrate the fact that October has been designated as National Cybersecurity Awareness Month by finally considering the Cybersecurity Information Sharing Act (CISA/S. 754) on the Senate floor
DoD wants DIB to divulge breaches (FierceGovernmentIT) The Defense Department initiated a policy that would require contractors in its Defense Industrial Base, or DIB, information sharing network to report certain cyber breaches in all contracts with the department
Have DoD Contractors and Subcontractors Been Drafted? Once Voluntary Defense Industrial Base CS/IA Regulations Now Mandatory and Aligned With New DFARS Cybersecurity Rules (National Law Review) When last we left the Department of Defense, they had issued a rather wide-reaching interim DFARS rule addressing cybersecurity practices, data retention, and cloud services purchasing guidance
Joint Information Environment: What's next? (C4ISR & Networks) It's been two years since the Joint Information Environment reached initial operating capacity, and officials at the Defense Department say the enterprisewide movement to coordinate military IT expands every day
The Future of Geospatial Intelligence (Cipher Brief) The National Geospatial-Intelligence Agency may be the most massive intelligence organization you've never heard of
Navy transitions Task Force Cyber Awakening to permanent office (Federal News Radio) The Navy has just wrapped a one-year project designed to "awaken" the service to the need to drive cybersecurity concerns into everything it does. It's now transitioning the lessons it learned into a permanent organization called Navy Cybersecurity
Litigation, Investigation, and Law Enforcement
Europe's top court rejects 'Safe Harbor' ruling (USATODAY) Europe's top court on Tuesday ruled that a 15-year-old agreement allowing American companies to handle Europeans' data was invalid, a decision that could affect how technology companies such as Amazon, Facebook and Google operate overseas
Data Security Impasse Poised to Overturn Safe Harbor Program (Compliance Week) An Austrian student's displeasure with Facebook is poised to invalidate the longstanding trans-Atlantic Safe Harbor program for international data transfers
Court ruling on Safe Harbor brings uncertainty to privacy dealings (IDG via CSO) By declaring the Safe Harbor agreement invalid, the Court of Justice of the European Union exposes businesses to legal action
US spies weigh in on EU case targeting Silicon Valley (The Hill) The top lawyer for the United States' vast system of intelligence agencies on Monday pushed back against a European legal argument that could prove disastrous for Facebook, Google and other top tech companies
The ECJ has its facts wrong about Prism (IC on the Record) Last month an advocate-general of the European Court of Justice issued an opinion in a case of exceptional significance for commercial relations between the US and the EU. Washington, which is not a party to the proceedings, has no opportunity to make a direct submission to the court
LinkedIn set to pay $13 million compensation over its email persistence (Naked Security) If you're a member of LinkedIn then you'll already know that the professional networking site likes to send out a large number of emails on a regular basis
Joint International Task Force Launched To Fight Cyber Crime (Homeland Security Today) During the third global cyber crime conference jointly organized by Europol and INTERPOL, discussions included threat assessments, cooperation models, legal and practical challenges, training and capacity building initiatives and a strong focus on operational results and lessons learned
IP camera makers pressure researcher to cancel security talk (IDG via CSO) The presentation contained details of software flaws in major cameras
Why feds aren't concerned about OPM's stolen fingerprint database (FierceGovernmentIT) Federal workers may finally be able to breathe a sigh of relief, as cybersecurity experts say the recent theft of more than 5 million fingerprints doesn't pose a serious risk
Snowden says he would go to prison to return to U.S. (Military Times) Edward Snowden says he has offered to return to the United States and go to jail for leaking details of National Security Agency programs to intercept electronic communications data on a vast scale
For a complete running list of events, please visit the Event Tracker.
Newly Noted Events
Cyber³ Conference: Crafting Security in a less Secure World (Nago City, Okinawa, Japan, Nov 7 - 8, 2015) An international conference on cyber security hosted by the Government of Japan with the support of the World Economic Forum. At this conference, multi-stakeholders, including policymakers, business leaders, and researchers from around the world, will discuss the new reality of Cyber Connection, Cyber Security, and Cybercrime (together, Cyber³) and their implications for the future of the Internet
Upcoming Events
IT Security one2one Summit (Austin, Texas, USA, Oct 4 - 6, 2015) The IT Security one2one Summit is designed to deliver focused one2one business meetings between IT Security Solution Providers and IT Security decision-makers (Delegates) with purchasing budgets. Delegates are senior-level IT security executives from major organizations. Solution providers represent a wide variety of IT security solutions, technologies and products including: Network Security, Security Infrastructure, Identity & Access, Data Protection, Cybercrime, Risk & Compliance and more!
ACFCS 2015 Cyber Financial Crime Summit (Washington, DC, USA, Oct 5 - 6, 2015) From massive data breaches to cyber fraud, hacktivism to cyber warfare, the threat landscape of cyber financial crime now reaches every part of public and private sector organizations. Yet too often the response has been fragmented, and in many cases key stakeholders — compliance professionals, investigators, security officers and others — haven't sat together at the same table. Financial crime compliance programs, including AML, fraud and others, play a key role in safeguarding against cyber threats. Over two days packed with practical guidance and networking, the Summit hones in on the knowledge, skills and awareness professionals need to be effective on the latest front against financial crime
Smart Industry (Chicago, Illinois, USA, Oct 5 - 7, 2015) The Industrial Internet of Things (IIoT) is no longer a futuristic notion. Those that are embracing IIoT now are realizing positive, near-term benefits and creating a competitive advantage in the market. Are you prepared? No matter where your company is on the path to IIoT initiatives, the Smart Industry Conference & Expo will deliver critical information to help you plan, execute and optimize your IIoT implementation
Fleming Gulf's Information & Cyber Security Summit (Moscow, Russia, Oct 6 - 7, 2015) The "Information & Cyber Security Summit 2015" aims to provide a platform, to discuss with top dignitaries and decision makers from different industries & government officials, the important aspects of the subject like threats and sources of threats, current scenario & market trends, information security policy, future of information security in Russian Federation
RFUN 2015 (Washington, DC, USA, Oct 7, 2015) RFUN is a free, one-day conference that brings together a lineup packed with thought leadership on intelligence and security, big data analysis, and information visualization
Buy-Side Technology North American Summit (New York, New York, USA, Oct 7, 2015) WatersTechnology is proud to present the fifth annual Buy-Side Technology North American Summit. Building on the success of last year, this event will address the latest trading and technology challenges affecting the buy-side in an ever-changing financial and regulatory landscape. The event brings together industry professionals to showcase innovative strategies for optimizing trade execution, managing risk and increasing operational efficiency, whilst keeping costs to a minimum
IP Expo Europe (London, England, UK, Oct 7 - 8, 2015) With six top enterprise IT events under ONE roof, IP EXPO Europe assists the IT Industry in future proofing their IT and embracing a digital future. The event showcases brand new exclusive content and senior level insights from across the industry, as well as unveiling the latest developments in IT. IP EXPO Europe now incorporates Cloud and Infrastructure Europe, Cyber Security Europe, Data Centre Europe, Data Analytics Europe, DevOps Europe and Unified Communications Europe. Bringing together 300+ exhibitors and 300+ free to attend seminar sessions, this is the only must attend event of the year for CIOs, heads of IT, technology experts and engineers
Cyber Security Europe (London, England, UK, Oct 7 - 8, 2015) Cyber Security Europe will host the latest cyber security experts to speak on the topics risking the future of our businesses, and provide access to the latest technology innovators who provide the leading products and solutions. Cyber Security Europe at IP EXPO Europe offers you a wealth of specialist insight and solutions to help you protect your business from criminal gangs and recover faster after an attack
Annual Privacy Forum 2015 (Luxemburg, Oct 7 - 8, 2015) The distributed implementation of networks and services offers the opportunity for new Privacy Enhancing Technologies (PETs) that could support users' needs while safeguarding their personal data. Although these technologies are widely discussed in the research community, their mere existence is often unknown to the general public. Hence PETs need the support of policy to find their way into IT products. The terms privacy/security by design and by default have found their way into legal and policy texts; however, there is still a lack of knowledge regarding their implementation into services. The European Commission Directorate General for Communications Networks, Content and Technology (DG CONNECT), the European Union Agency for Network and Information Security (ENISA) and, as local host, the University of Luxemburg organize a two-day event with the objective of providing a forum to academia, industry and policy makers. This year, the main focus of the Annual Privacy Forum will be on the privacy of electronic communications
Homeland Security Week (Arlington, Virginia, USA, Oct 7 - 9, 2015) The 10th Annual Homeland Security Week (HSW) will provide homeland security stakeholders with an industry event focusing on further developing the requirements necessary for numerous government agencies, all directly or indirectly responsible for US homeland security, to facilitate a complex, joint, multilayered plan that will combat the evolving threat our country faces — all while ensuring the support of the communities they serve. The event will bring together top homeland security leaders from both government and industry alike to discuss requirements, critical issues, and vulnerabilities within national security
(ISC)² SecureTurkey (Istanbul, Turkey, Oct 8, 2015) Sessions include exploring the threat landscape and its drivers, the common pitfalls endemic to current business trends that ensure a perpetual pipeline of vulnerabilities available for exploitation and how to express these threats — and their countermeasures — in a way that the business can comprehend and act upon
AFCEA Wasatch Tech & Cyber Security Day (Ogden, UT, USA, Oct 8, 2015) The Armed Forces Communications & Electronics Association (AFCEA) Wasatch Chapter will once again host the 6th Annual Information Technology & Cyber Security Day at Hill AFB. This annual event is an excellent way to network with key personnel including IT, Communications, Cyber, Engineers and Contracting Officers at Hill AFB
BSides Raleigh (Raleigh, North Carolina, USA, Oct 9, 2015) Security B-sides (BSides) is a community-driven framework for building events for and by information security community members. The goal is to expand the spectrum of conversation beyond the traditional confines of space and time. It creates opportunities for individuals to both present and participate in an intimate atmosphere that encourages collaboration. It is an intense event with discussions, demos, and interaction from participants. It is where conversations for the next-big-thing are happening. Security is top of mind across the entire sphere of IT and the world beyond. Therefore, more people and organizations are interested in the next new thing in security. BSides is the place where these people come to collaborate, learn and share. With many tech-companies, colleges and universities in Raleigh, Durham, Chapel Hill and surrounding areas, it is also an international center of innovation in the security industry
ISSA International Conference (Orlando, Florida, USA, Oct 22 - 23, 2014) Join us for solution oriented, proactive and innovative sessions focused on security as a vital part of the business.
HITB GSEC Singapore (Singapore, Oct 12 - 16, 2015) HITB GSEC Singapore is a three-day security conference where attendees get to vote on the final agenda and are introduced to speakers and each other based on the votes they cast
ACM-CCS (Conferences on Computer and Communications Security) (Denver, Colorado, USA, Oct 12 - 16, 2015) ACM-CCS is one of the longest running cyber security conferences in the world. It's been going on since 1993, and this year it will celebrate its 22nd edition. This flagship conference brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results in information security
New York Metro Joint Cyber Security Conference (New York, New York, USA, Oct 14, 2015) The New York Metro Joint Cyber Security Conference is a collaborative event cooperatively developed, organized and sponsored by the leading information security industry organizations and chapters
Fall 2015 Cybersecurity Summit (McLean, Virginia, USA, Oct 15, 2015) Join us for our third annual Cybersecurity Summit for in-depth perspective and insight from leaders in the public and private sector on the government's information security landscape and opportunities for industry and government to collaborate on network defense
NASA Goddard Cyber Expo (Greenbelt, Maryland, USA (also available by webex), Oct 2, 2014) The 2014 Goddard Cyber Expo will be a dedicated Information Technology & Cyber Expo at this secure facility hosted by the Office of the Chief Information Officer. The OCIO will be recruiting speakers to provide informational sessions on relevant Cyber issues. Industry exhibitors may sit in on the sessions. This event will be promoted to all NASA Cyber and IT-focused personnel, as well as the entire workforce at this location
BSides Portland (Portland, Oregon, USA, Oct 16 - 17, 2015) BSides PDX is a gathering of the most interesting infosec minds in Portland and the Pacific Northwest! Our passion about all things security has driven attendance from other parts of the country. Our goal is to provide an open environment for the InfoSec community to engage in conversations, learn from each other and promote knowledge sharing and collaboration
SecTor (Toronto, Ontario, Canada, Oct 19 - 21, 2015) Illuminating the Black Art of Security. Now entering its 9th year, SecTor has built a reputation of bringing together experts from around the world to share their latest research and techniques involving underground threats and corporate defences. The conference provides an unmatched opportunity for IT Professionals and Managers to connect with their peers and learn from their mentors
CSX 2015 (Washington, DC, USA, Oct 19 - 21, 2015) CSX brings together some of the leading experts in the industry for an exciting event designed to give the knowledge, skills and tools you need to help protect and defend your organization. Learn hands-on how to incorporate industry best practices, with over 70 sessions — each tailored to individual levels of cybersecurity expertise and experience
Cyber Defense San Diego 2015 (San Diego, California, USA, Oct 19 - 24, 2015) Cyber security training in San Diego CA from SANS Institute, the global leader in Information Security training. SANS Cyber Defense San Diego 2015 features hands-on, immersion-style training courses for security professionals at all levels. Many of these security courses have Certifications that are aligned with DoD Directive 8570/8140 and most courses at this event are associated with GIAC Certifications. SANS delivers unparalleled security training with world-class Instructors
2015 Cyber Risk Insights Conference (New York, New York, USA, Oct 20, 2015) The world's largest cyber risk event for P&C professionals. Save-the-date for Advisen's 5th annual Cyber Risk Insights Conference in New York City with a full-day program that takes place on October 20, 2015
2015 Government Cybersecurity Forum (Washington, DC, USA, Oct 20, 2015) The Government Cybersecurity Forum was created three years ago as a result of the complexity of today’s global threat environment. As more devices connect to the Internet and data breaches continue to escalate, the hottest debate in cybersecurity revolves around the balance between privacy, anonymity, technology and security. For the first time ever, join leading government, military, technology and policy experts as they gather in one room to help solve this urgent issue facing the government and industry in securing infrastructure
Cyber Security Summit: Boston (Boston, Massachusetts, USA, Oct 9, 2015) The Cyber Security Summit provides an exclusive business environment to meet with Senior Executives who are seeking innovative solutions to protect their business & critical infrastructure. Delegates at the Cyber Security Summit are prequalified based on their willingness to meet with Solution Providers and proven ability to purchase products and services
Swiss Cyber Storm (KKL Lucerne, Switzerland, Oct 21, 2015) Swiss Cyber Storm 2015 is an international IT security conference that provides essential information about national cyber security issues, critical for both government and private infrastructures. The event also includes a cyber challenge competition held beforehand, which offers the best security talents a chance to be invited to the conference
Cyber Security Summit 2015 (Minneapolis, Minnesota, USA, Oct 21 - 22, 2015) The Summit's mission is to establish a multi-stakeholder consortium that brings together industry, government and academic interests in an effort to improve the state of cyber security on both a domestic and international level. We believe that cyber security cannot be contained and outsourced to any one sector. Due to the vast scope of cyber threats, it requires active engagement of all stakeholders, including entities and organizations — large and small — across every industry
DevSecCon (London, England, UK, Oct 22, 2015) DevSecCon is a newly formed, non-profit conference for DevOps and SecOps practitioners, run by practitioners. By creating a neutral platform, we will exchange and create new ideas on how to leverage the best of both worlds
Ruxcon 2015 (Melbourne, Australia, Oct 24 - 25, 2015) Ruxcon is a computer security conference that aims to bring together the best and the brightest security talent within the Aus-Pacific region. The conference is a mixture of live presentations, activities and demonstrations presented by security experts from the Aus-Pacific region and invited guests from around the world. Ruxcon is widely regarded as a leading computer security conference within Australia attracting all facets of the security landscape from industry, academics, to enthusiasts
2015 North American International Cyber Summit (Detroit, Michigan, USA, Oct 25 - 26, 2015) The North American International Cyber Summit 2015, hosted by Michigan Governor Rick Snyder, is set to take place in the heart of Downtown Detroit at the newly remodeled Cobo Center for the second straight year. As in the previous three sold-out summits, this year's event will bring together experts from across the globe to address a variety of cybersecurity issues impacting the world of business, education, information technology, economic development, law enforcement and personal use
ICS Cyber Security Week (Atlanta, Georgia, USA, Oct 26 - 29, 2015) ICS Cyber Security Week is the longest-running cyber security-focused conference dedicated to the industrial control systems sector. The event caters to critical infrastructure organizations in the following sectors: energy, utility, chemical, transportation, manufacturing, and many more
Cyber Awareness & Technology Days (Colorado Springs, Colorado, USA, Oct 27 - 28, 2015) The Information Systems Security Association (ISSA) Colorado Springs Chapter http://www.issa-cos.org will once again host the 6th Annual Cyber Security & Information Technology Days set to take place at Peterson AFB on Tuesday, October 27, 2015 and at Ft Carson on Wednesday, October 28, 2015. Both events are being conducted in October to coincide with National Cyber Security Awareness Month as a way to encourage collaboration between local military personnel and industry partners. Government and Industry experts will be on hand to brief attendees on the latest trends, best practices and remediation strategies in the cyber security field. These one-day forums will offer Cyber Security & Information Technology personnel a unique, local opportunity to get up-to-date information on rapidly evolving security challenges
Designing Secure Healthcare Systems (Long Branch, New Jersey, USA, Oct 27 - 29, 2015) Designing Secure Healthcare Systems is a three day intensive and immersive workshop…by healthcare hackers for healthcare technologists. Over the three days you will go from the basics of SQL injection to the over the top advanced concepts used to break code — you will learn not just by watching — but by doing. Regardless of your programming background or technical focus, you will walk away much better prepared to design and develop secure healthcare information technology systems
Cloud Security Alliance Summit NYC 2015 (New York, New York, USA, Oct 28, 2015) The full-day Cloud Security Alliance NYC Summit is a standalone event in Manhattan. Co-hosted by the CSA NY Metro and CSA Delaware Valley chapters, some 200 well-qualified attendees are expected. The theme is "Enterprise Lessons Learned in Cloud Security," with experts from financial services and other key industries. Viney Patel, Director, Global Head of Information Security at Citi Technology Infrastructure and Dan Reynolds, VP, Chief of Security and Information Architecture at Omnicom Media Group will be keynote speakers
Data Breach Summit Asia 2015 (Mumbai, India, Oct 28, 2015) As Cyber Security continues to become a challenge for all industries, ISMG's Data Breach Summit, a unique, one-day event, will focus on the issues to help the participants learn more about how to prevent cyber security breaches as well as how to mitigate the situation should a breach occur. The summit will provide an unparalleled platform to the attendees to engage in dialogue on real-world solutions protecting their organisations
Technology & Cyber Awareness Day (Aurora, Colorado, USA, Oct 28, 2015) The Buckley Air Force Base Technology & Cyber Security Day is a one-day event held on-site, where industry vendors will have the opportunity to display their products and services to IT, Comm, Cyber and Intelligence personnel. FBC will invite personnel from all major units and tenants at Buckley AFB, including ADF personnel
CyberMaryland 2015 (Baltimore, Maryland, USA, Oct 28 - 29, 2015) Now entering its 5th year, the Federal Business Council is proud to bring you the CyberMaryland 2015 Conference. The conference theme this year is "Collaborate.Educate.Innovate"
Cyber Security World 2015 (Washington, DC, USA, Oct 28 - 29, 2015) Cyber Security World 2015 brings together security experts, practitioners, and researchers who will share their firsthand knowledge and open the discussion to information sharing between public and private sector attendees. Join us in Washington, D.C. for two days of deep dive discussion on cybersecurity management and strategy, operations, cybercrime, and privacy. You're sure to walk away with new ideas you can implement in your organization to combat the cyber threat
Hackito Ergo Sum (Paris, France, Oct 29 - 30, 2015) No commercial content, no vendor talk. First time presenters welcome. Highly technical talks only. Bonus point for offensive and weird ideas. Areas and domains: systems hacking & security, network hacking, non-x86 exploitation, mobile hacking, offensive forensics, hardware & firmware hacking, brain hacking, automated hardware reverse engineering
8th Annual Space, Cyber, and Telecommunications Washington DC Conference (Washington, DC, USA, Oct 29 - 30, 2015) The Space, Cyber, and Telecommunications Law team hosts an impressive lineup of the world's greatest minds annually at conferences in Washington DC and in Lincoln, Nebraska and at occasional events around the world. Explore our past conferences and learn about our upcoming events below